U.S. Department of Energy
Office of Inspector General
Office of Inspections and Special Inquiries

Inspection Report

Internal Controls for Excessing and Surplusing Unclassified Computers at Los Alamos National Laboratory

DOE/IG-0734    July 2006

TABLE OF CONTENTS

OVERVIEW
    Introduction and Objective
    Observations and Conclusions

DETAILS OF FINDINGS
    Criteria
    Sanitization Process
    Hard Drive Removal

RECOMMENDATIONS

MANAGEMENT COMMENTS

INSPECTOR COMMENTS

APPENDICES
    A. Scope and Methodology
    B. Management Comments

Overview

INTRODUCTION AND OBJECTIVE

The Department of Energy’s (DOE’s) Los Alamos National Laboratory (LANL) is one of the largest multidisciplinary science institutions in the world. The primary national security missions of LANL are to help ensure the safety and reliability of the Nation’s nuclear stockpile, prevent the spread of weapons of mass destruction, develop strategies to mitigate global threats, and protect the United States from terrorist attacks.
LANL is managed by the University of California for the Department’s National Nuclear Security Administration (NNSA).

Computers are used extensively in the full range of operations at LANL, to include the processing of classified and unclassified information. In accordance with DOE Property Management Regulations, when computer equipment is no longer needed or becomes old or obsolete, LANL program officials may determine that the equipment is excess to their needs. Excess equipment should be screened to determine if it can be utilized by other Laboratory or Federal organizations. If the excess equipment is not claimed, it becomes surplus to DOE and should be offered through donation to State agencies and other organizations. If the surplus equipment is not claimed, it should be disposed of as scrap or sold at auction.

Under DOE policy, computer equipment that is declared surplus must be sanitized before it is released to any outside organization. In addition, the Property Management Manual for LANL’s property disposal subcontractor requires that hard drives be removed before any computers are sold.

On August 13, 2005, an Apple MAC G4 computer declared excess by LANL was sold at an Albuquerque auction house to a local television station employee. On August 25, 2005, the television station reported that the computer hard drive contained LANL documents. A follow-on report suggested that some of those documents were marked as being classified.
We subsequently determined that this was not the case, but that the computer had been released from the Laboratory with a hard drive that contained unclassified LANL documents. As a result, we initiated an inspection to determine if LANL had complied with internal controls applicable to excessing and surplusing the Apple MAC G4.

OBSERVATIONS AND CONCLUSIONS

We concluded that LANL did not comply with internal controls applicable to excessing and surplusing the Apple MAC G4. This resulted in the unauthorized release of a computer hard drive containing LANL documents on matters such as budget, time and attendance, and unclassified procedures for transmitting classified information. Specifically, we found that LANL had not:

• Sanitized the hard drive, as required, prior to processing the computer as excess/surplus; and,

• Removed the hard drive, as required, prior to transferring the computer for sale at auction.

The Apple MAC G4 was excessed in June 2005, along with seven other computers. In light of the internal control failures relating to excessing and surplusing the Apple MAC G4, we concluded that there was no assurance that the hard drives for the seven other computers were sanitized prior to their being processed as excess equipment.
Because they had already been sold and turned over to the purchasers, we were unable to determine whether the seven computers still contained their hard drives when they were sent to auction. We did, however, inspect a sample of other LANL computers awaiting sale at the Albuquerque auction house. We did not find evidence that these computers still contained hard drives.

Details of Findings

CRITERIA

DOE N 205.12, “CLEARING, SANITIZING, AND DESTROYING INFORMATION SYSTEM STORAGE MEDIA, MEMORY DEVICES, AND OTHER RELATED HARDWARE,” which was in effect at the time the Apple MAC G4 was declared excess, stated that DOE, including NNSA, contractors must ensure that no unauthorized information can be retrieved from unclassified DOE computer equipment that is to be transferred or declared surplus. The Contractor Requirements Document (CRD) for DOE N 205.12 stated that systems or equipment declared surplus or donated to outside organizations must be sanitized. Further, it stated that individuals sanitizing computer equipment must, at a minimum, affix a label that: (1) describes the equipment; (2) provides a statement indicating that the equipment has been cleared and/or sanitized in accordance with DOE N 205.12; and (3) contains the date, the printed name, and the signature of the individual certifying that the process has been successfully completed.
In addition, the CRD required the certifier to prepare separate documentation recording the same information and the contractor to maintain this documentation for a minimum of 5 years. The successor directive to DOE N 205.12 contains similar requirements.

LANL’s Property Management Manual, Chapter 14, “Excess and Salvage Property,” states that the users of unclassified computing equipment must sanitize excess/salvage computers. The manual states that the computer users are required to delete files containing sensitive, personal, or proprietary data. In addition, LANL’s property disposal subcontractor’s Property Management Manual states the subcontractor will sanitize computers intended for reissue either internally or externally. In addition, this manual states that the subcontractor “shall not sell any computers/laptops with hard-drives in them.”

SANITIZATION PROCESS

We found that LANL had not sanitized the Apple MAC G4 hard drive, as required, prior to processing the computer as excess/surplus. Specifically, we determined that the hard drive of the Apple MAC G4 sold at the Albuquerque auction house in August 2005 had not been sanitized as required by DOE and LANL policy.
The hard drive contained LANL documents on matters such as budget, time and attendance, and unclassified internal procedures for transmitting classified information. Further, because of the breakdown in internal controls, there was no assurance that the hard drives for seven other computers excessed at the same time as the Apple MAC G4 had been sanitized prior to disposal.

The Apple MAC G4 had been used in an unclassified LANL Training Facility. The LANL official responsible for disposal of property at this facility had declared the computer excess to the facility’s needs. In June 2005, a LANL “Excess/Salvage Equipment Request Form” was prepared, indicating that the Apple MAC G4, along with seven other computers, had been sanitized by this official. However, LANL could not produce the documentation required by DOE N 205.12 with the date, the printed name, and the signature of the person certifying that the process had actually been completed for all eight computers. Further, the signatures and dates required on the excess salvage form certifying that “there is no reason not to release this property to the general public” were left blank.

The LANL official recalled declaring the computer equipment excess, but had no specific recollection or record showing that the computer hard drives had been sanitized.
Since the computers had already been sold at auction, we could not determine whether the required labels had been affixed to the computers verifying that they were sanitized.

We also determined that although all eight computers were reusable and that the Apple MAC G4, in particular, was a good candidate for reutilization within the Laboratory, the computers were erroneously identified in LANL’s Excess Property Information System as “salvage.” Salvage was defined as property that is obsolete, disassembled, or damaged to an extent that it could not be used for its original purpose. Had the computers been properly identified, they might have had a continuing useful life at the Laboratory.

HARD DRIVE REMOVAL

We found that LANL had not removed the Apple MAC G4 hard drive, as required, prior to transferring the computer for sale at auction. We were unable to determine whether the other seven computers still contained hard drives when they were sent to auction. This was due to the fact that the equipment had already been sold and was in the possession of the purchasers.

On July 5, 2005, after the Apple MAC G4 was not claimed for reutilization internally, it was picked up by the LANL property disposal subcontractor.
On July 7, 2005, this computer was sent to auction with a sticker attached to the central processing unit stating “HARD DRIVE REMOVED.”

According to a subcontractor spreadsheet that documented the auction lot number, the property barcode, the serial number, the model, and the manufacturer, the computer’s hard drive was removed before it was sent to auction. The spreadsheet was initialed by the subcontractor employee responsible for assuring that hard drives were removed before computers were sent to auction. The employee stated that his initials on the spreadsheet indicated that either he had removed the hard drive or the hard drive had already been removed when he inspected the computer before sending it to the auction house.

With regard to the Apple MAC G4 in question, the subcontractor employee could not recall whether he removed the hard drive or if it had already been removed before it was picked up by the LANL property disposal subcontractor. He speculated that the Apple MAC G4 may not have contained a hard drive when it was received by the property disposal subcontractor. The employee also speculated that it was possible that the Apple MAC G4 may have had a second hard drive that had not been identified at the time the computer was sent to auction.

There is a box on the “Excess/Salvage Equipment Request Form” that can be checked to indicate “Hard drive removed.” We examined the form and determined that the box had not been checked to indicate that the hard drive of the Apple MAC G4 had been removed.
In addition, we found no evidence that the Apple MAC G4 had a second hard drive.

Although the seven computers excessed with the Apple MAC G4 were not available for examination, we inspected a sample of other LANL computers awaiting sale at the Albuquerque auction house. We did not find evidence that these computers still contained hard drives.

RECOMMENDATIONS

The Department has experienced a number of instances throughout the complex wherein computers and related hardware have been disposed of inappropriately. Given the potential sensitivity of the data residing in the Department’s systems, even the unclassified systems, it is important that excessing procedures be carefully followed. Consequently, we recommend that the Manager, Los Alamos Site Office, ensures that:

1. All computers declared excess/salvage are sanitized according to DOE and LANL policy.

2. All computer hard drives are removed prior to any sale of surplus computer equipment, as required by local procedures.

3. The condition codes used for excess/salvage property are accurately input to LANL’s Excess Property Information System, so that the potential for reuse at the Laboratory is maximized.

MANAGEMENT COMMENTS

In comments on a draft of this report, NNSA concurred with our recommendations and stated that the draft report was consistent with the observations and findings of the Laboratory’s internal audit team.
NNSA stated that actions have been taken that meet the intent of our recommendations.

INSPECTOR COMMENTS

We found management’s comments to be responsive to our report recommendations.

Appendix A

SCOPE AND METHODOLOGY

We conducted the majority of our fieldwork from August 2005 through September 2005. Our review included interviews with DOE officials from the NNSA Service Center and the Los Alamos Site Office, officials from LANL Property Management, and subcontractor employees. We also reviewed applicable policies and procedures regarding property management.

This inspection was conducted in accordance with the “Quality Standards for Inspections” issued by the President’s Council on Integrity and Efficiency.

Appendix B

MANAGEMENT COMMENTS

IG Report No. DOE/IG-0734

CUSTOMER RESPONSE FORM

The Office of Inspector General has a continuing interest in improving the usefulness of its products. We wish to make our reports as responsive as possible to our customers’ requirements, and, therefore, ask that you consider sharing your thoughts with us. On the back of this form, you may suggest improvements to enhance the effectiveness of future reports. Please include answers to the following questions if they are applicable to you:

1. What additional background information about the selection, scheduling, scope, or procedures of the inspection would have been helpful to the reader in understanding this report?

2. What additional information related to findings and recommendations could have been included in the report to assist management in implementing corrective actions?

3. What format, stylistic, or organizational changes might have made this report’s overall message clearer to the reader?

4. What additional actions could the Office of Inspector General have taken on the issues discussed in this report which would have been helpful?

5. Please include your name and telephone number so that we may contact you should we have any questions about your comments.

Name
Date
Telephone
Organization

When you have completed this form, you may telefax it to the Office of Inspector General at (202) 586-0948, or you may mail it to:

Office of Inspector General (IG-1)
Department of Energy
Washington, DC 20585

ATTN: Customer Relations

If you wish to discuss this report or your comments with a staff member of the Office of Inspector General, please contact Judy Garland-Smith at (202) 586-7828.

The Office of Inspector General wants to make the distribution of its reports as customer friendly and cost effective as possible. Therefore, this report will be available electronically through the Internet at the following address:

U.S. Department of Energy Office of Inspector General Home Page
http://www.ig.doe.gov

Your comments would be appreciated and can be provided on the Customer Response Form attached to the report.